by Kris on Linux, Tips and Tweaks

Mounting a case-insensitive filesystem on Linux

Recently I had a web developer who was coding on a Linux server, he was used to working on Windows servers and was having problems dealing with the case sensitivity of the EXT3 filesystem. I looked into it and in addition to using the Apache mod_speling module, also decided to go a step further. As root or using sudo do the following:

  1. Create a file of the size you wish the filesystem to be, 1GB in this example: 
    dd if=/dev/zero of=fat32.disk bs=1K count=1M
  2. Format the filesystem, fat32 in this example but you can use NTFS or another case-insensitive file system: 
    mkfs.vfat fat32.disk
  3. Mount the filesystem and test it, you may wish to use uid= and gid= to mount it as a specific user and you’ll probably want to adjust the umask to something less permissive: 
    mount /media/fat32.disk /var/www/fat32 -t vfat -o loop,owner,group,umask=000
  4. Add this to /etc/fstab so that it gets mounted after a reboot: 
    /media/fat32.disk /var/www/fat32 vfat loop,owner,group,umask=000 0 0

I wouldn’t use this for production systems, in that situation I’d recommend a dedicated FAT32 or NTFS partition. If you do have to run this on a production system it should be fine for 99% of setups, it just feels like a quick hack to me.

 
by Kris on Windows

Starting services in safe mode

Recently I was trying to figure out how to start additional services in Windows safe mode. I had a user whose laptop kept crashing at login, I had a quick look and several theories came to mind but uptime was important, so as a temporary workaround I set it up in safe mode with networking.

A few days later the user calls and wants to be able to print in safe mode. I look into it, do some searching, but the prevailing wisdom seemed to be that it wasn’t doable. This sounded like an MCP party line to me so I decide to explore the registry. Eventually I find the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control key which has sub-keys of Minimal and Network. Minimal being safe mode, Network being safe mode with networking. It seems to be a whitelist of services, drivers and drive groups that are allowed to start or load.

Therefore it is possible to start additional services and load additional drivers in safe mode – just add a key for the service or driver short name, then a string for type. The below entry (if in a .reg file) would allow the Print Spooler to start in safe mode with networking.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Spooler]
@="Service"

If you want a list of all drivers, driver groups and services starting in normal mode and their corresponding short names check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

I’d caution against whitelisting too much as it kind of defeats the purpose of safe mode, though in certain situations as a quick hack it can useful. It may also be something worth checking the next time you’re dealing with a particularly nasty malware infection. I haven’t seen anything which exploits it yet, but I imagine something does.

 
by Kris on Tips and Tweaks

Vim SnipMate plugin error and how to fix it

I have been moving back and forth between Emacs and Vim for about two years trying to pick one, I think Vim has finally won. I’ve been putting together a .vimrc and plugin set since then. I may write more on why I went with Vim and on my setup later, but I had a problem recently and I thought I’d post the fix I used:

I had just installed the SnipMate plugin which mimics the snippet functionality of TextMate, and every time I restarted I got an error stating:

cpoptions=ces$ line in my .vimrc. This line makes the cw command and similar commands put a $ at the end instead of just deleting text and replacing it. I could see no reason for me to need this and just removed the line. That setting then defaulted back to cpoptions=aABceFs and the error was gone.

	    		
 
by Kris on Networking

IPv6: Part 1 – I could see you all ignore the fact we’d fill up IPv4

After several friends asked about it, and because of the recent featured article on the BBC technology news site, I thought I would do a series on IPv6. I consider myself somewhat of an authority, because my honours project, dissertation and paper were on IPv6 – the actual title being IPv6, its implementation and migrating from IPv4 – I had what I thought were better ideas for a project but I figured IPv6 knowledge would increase my employability in the coming years.

The series starts with theory and need, then a few posts on local implementation, a couple of scenarios for wider implementation, then a final article on the reticence of the IT world to IPv6 and what I think is causing it.

So starting with theory and the need for IPv6, I know they’re not glamorous, I know to some they may be mind numbing and they’d rather just get on and do it, the whole don’t talk or discuss just do mentality. I can sympathise with this opinion. That being said, sorry no dice, you need a good mix of practical and theory otherwise you get into the area of call cargo cult system administration – I’ll probably discuss that phrase more in a future post – where you follow something like a ritual with no actual understanding. … 

 
by Kris on Networking

I am the gatekeeper…

Are you the keymaster. Or how to stop some joker messing up your beautiful network by screwing with client side DNS.

Scenario: You’re a system administrator/network administrator/IT guy (whatever you want to call it) with an excellent setup, and while you sit staring at the blinking lights in the comms room pondering the quintessential meaning of things, or more realistically chatting on IRC (whatever floats your boat) you’re interrupted for the fifteenth time that week by that luser, um user you were forced to give local admin access to. Turns out now they can’t access the intranet or send e-mail.

Upon investigating you find that once again this user has changed the DNS settings on their computer, breaking Active Directory/OpenLDAP/e-mail whatever, despite repeated warnings. They’re operating under the mistaken belief that using the DNS servers provided by OpenDNS, Google DNS or any number of resolvers found here. Will make their Interweb downloads of funny cat pictures faster, you’ve tried chatting and explaining it to the guy, you tried approaching their line manager with no success. Short of beating the user with a hammer you need to find a way to resolve this situation, what do you do? You could block external DNS but that’s only half an answer. If they do it again it will break more connectivity. …